* Posts by Ken Moorhouse

831 posts • joined 26 Jul 2007

Microsoft spikes GigJam collaboration tool before it leaves Preview

Ken Moorhouse
Silver badge

Gig Jam

Not suitable for long-term storage.

0
0

CrashPlan crashes out of cloudy consumer backup caper

Ken Moorhouse
Silver badge

Re: N minutes later, your files are also available on the remote Synology.

Where N can be a rather large number if there's a WAN in between the two*. ...and this is it, a good product should tell you that though you have commanded it to transmit 1Tb of files across a WAN, these are the ones that have made it across the link so far. This is not a criticism of the hardware, but a fact of life concerning the speed of light through a typical broadband connection.

*Which could be a life-saver if you've just been hit with Ransomware, but it is prudent to ensure versioning is available on your chosen product, and that the versions are easily accessible. All very well having the pre-ransomware version of the 1000 files so far encrypted in there, but not if you have to restore them individually.

0
0

What's your point, caller? Oracle fiddles with major database release cycle numbers

Ken Moorhouse
Silver badge

Re: If Oracle doesn't it'll go the way of Netware.

Not sure if that is a deliberate provocation, but I think it unfair to compare Oracle with Netware.

If Netware had achieved its objectives then we really would not be in the mess we are in today.

(I can elaborate on that, but I have to go on-site now to sort out a networking emergency).

0
0

If there's a hole in your S3 bucket, data thieves will be sprayed by Macie

Ken Moorhouse
Silver badge

Trusteer Rapport

Once upon a time I logged onto a customer's router only to be confronted with an alert from Rapport informing me that I had entered a sensitive keyword. I quizzed the customer about this and he told me that he used the same password for on-line banking. Glossing over the prudence of sharing passwords for the purposes of this comment, knowing this idiosyncrasy meant that a hacker would know that the Rapport icon in any browser is a great invitation to run a dictionary attack. I would hope that that vulnerability has now been fixed.

1
0

Sorry, but those huge walls of terms and conditions you never read are legally binding

Ken Moorhouse
Silver badge

Acceptance of T's & C's

Some years ago I bought hosting and domain from a place [that shall remain nameless] for one of my customers. The customer paid for it by credit card, the site was designed and uploaded.

Roll on a year. Got a reminder from hosting company saying to pay to renew, or else it will be cancelled. I contacted customer "that website, shall I renew it?" Answer came back in the affirmative, so I renewed it using my card.

Roll on another year. Got a reminder from hosting company saying to pay to renew, or else it will be cancelled. I contacted customer "that website, shall I renew it?" This time the answer was no, so I didn't think any more of it.

When my credit card statement arrived I noticed that I'd been charged for it. I contacted the hosting company and my bank to revoke the payment.

Hosting company said that as I had a rolling account with them I had to explicitly cancel the hosting, even though their email said it would be cancelled. They told me rather snottily to read their T's & C's and I was ready to put that one down to experience.

Then a rather curious thing happened: the bank chased me "why haven't you filled out the revocation form we sent you?" I told them that I didn't really have a leg to stand on, but they said "well, we'll keep it open for you, just in case you wish to explore the circumstances thoroughly." Hmm, unusual for the bank to be this amenable, I thought.

So I read their T's & C's and in them was the nugget (paraphrased) saying that in subsequent years hosting fees will be deducted from the credit card used initially. Initially??!! I immediately filled out the bank's form and sent it off, together with a copy of the T's & C's with that word underlined, pointing out that "initially" the hosting was bought using a different credit card. I got refunded immediately.

Ok it was a technicality, but the deceptive wording on their renewal email deserved it. I really must check to see if they've altered that clause.

The moral is not to be cowed by "the big boys' legalese".

9
0
Ken Moorhouse
Silver badge

Versioning

To my mind there is no method of tallying an on-line version of T's & C's with a user's tick box response. Tallying in our high-tech world should involve an MD5 hash or equivalent to indicate that the user agrees to this specific version of the T's & C's, because tomorrow the site owner can change the wording and claim that this is what you agreed to.

Surely then they would have to go through the hoops of proving, from the Raw Access Logs of the webserver when the T's & C's were uploaded, and when I visited, but if the website owner has physical access to the site, they can go behind the scenes to change the file.

Returning to the MD5 hash principle of proof: even that is not entirely watertight as collisions are possible, but statistically implausible. The other way is for the website owner to send you a copy of what you've signed by email, or get you to sign a secure document.

Javascript is another way to serve up something different to what you think you are agreeing to.

Where I suspect there could be this kind of problem I simply save the webpage of the legalese, so I have a contemporaneous record of what I have agreed to.

4
0

Atari shoots sueball at KitKat maker over use of 'Breakout' in ad

Ken Moorhouse
Silver badge

Breakout Box...

...Safe from litigation: provided we're talking Serial Comms and not Cereal Bars.

3
0

Rowhammer RAM attack adapted to hit flash storage

Ken Moorhouse
Silver badge

Re: a bunch of repeated writes to the same logical location...

With your implied mention of wear-levelling I would go so far as to say:-

...will end up spread across different physical locations.

In some configurations it is usual for even "read-only" data on an SSD to be shunted around periodically.

Source: https://en.wikipedia.org/wiki/Wear_leveling

0
0
Ken Moorhouse
Silver badge

Re: Google's core business

https://en.wikipedia.org/wiki/Magnetic-core_memory

I think they've moved on a bit since those times.

1
0
Ken Moorhouse
Silver badge

Re: cryptographically verify

I would think that a MITM attack - similar to a Rootkit in principle - would defeat that. Trouble is that in making code versatile to meld with different I/O scenarios, hooks may be exposed which can be hijacked to do something additional to what they were designed to do.

1
0

Bank IT fella accused of masterminding multimillion-dollar insider-trading scam

Ken Moorhouse
Silver badge

Re: Why always back in a winner?

Who knows how many fraudsters are doing precisely that. However, it does seem to be a psychological trait that these people become over-confident in their ability to game the system over a sufficiently long period of time, or brag about it to the wrong person. It only takes one red flag trip-point to trigger and that is it. How will you know if such a threshold has been tripped? You won't, there is no audible alarm, but once it has, data can be painstakingly collected until such time as the evidence is there to turn up on your doorstep and interrupt your plans for the next x years.

1
0

Commentard Quizwall experiment ends with more quizzing than commenting

Ken Moorhouse
Silver badge

I'm not reading all these comments...

I'm sure I would agree with the ones concerning Brexit, Microsoft and Trump.

I got nil-points in that quiz. Which, come to think of it, Norway are pretty good at, if the Eurovision Song Contest is anything to go by.

0
0

A storage giant wants to give you 46,763...

Ken Moorhouse
Silver badge

This is what is known as...

...a Cartesian Product List

2
0
Ken Moorhouse
Silver badge

"a STORAGE giant"

The clue is in the title.

2
0

Kremlin's hackers 'wield stolen NSA exploit to spy on hotel guests in Europe, Mid East'

Ken Moorhouse
Silver badge

Re: WordPad

I left that out of my list for the reason given:-

"There are limitations of course, or there would be no incentive to purchase Word."

OpenOffice and LibreOffice are designed to be able to act as a direct Word replacement in most circumstances.

WordPad is proprietary, from the same stable as Word, so there is no ability to see if any of the "stubbed hooks" in there are inadvertently active in certain situations. Situations that could cause malevolent code to run sufficiently to achieve its objectives.

Running a Windows Update may also affect supporting utilities such as WordPad, whereas there would be no effect on OpenOffice or LibreOffice. Yes, libraries that these two depend on may cause them to break, but prodding such updated libraries with test software will reveal what has changed to cause the problem.

4
1
Ken Moorhouse
Silver badge

Re: Curious to know

>How do you patch a Windows system so that it's safe to click on a .doc file, and how do you open it without clicking on it.

Use OpenOffice or LibreOffice.

15
2

You had ONE job: Italian firefighters suspected of starting blazes for cash

Ken Moorhouse
Silver badge

Nero...

...we all knew he was on the fiddle.

0
0

Alibaba: We're no haven for pirates – we'll yank fake goods from our web bazaars within 24 hours

Ken Moorhouse
Silver badge

How "locked down" are manufacturer's waste disposal procedures?

If a manufacturer rejects a batch of devices for QA reasons it should also be possible to trace their disposal through to destruction or decomposition. I suspect many manufacturers skimp on this element of their production process, in which case many of those rejects will appear on sale through unscrupulous traders. Technically they could be considered by some to be "the real deal", they are the genuine article save for the issue of failing QA. However, the accompanying paperwork should indicate this failure.

1
0
Ken Moorhouse
Silver badge

Credit Card Companies can also exert pressure

Because if counterfeit goods are returned for refund then it is my understanding that the Credit Card company could be held liable, so they would have a vested interest too.

2
0

Good Lord: Former UK spy boss backs crypto

Ken Moorhouse
Silver badge

Encryption is only a delay tactic

Anything that is sent through the net could be recorded, stored and played back in decrypted form in due course. So anyone using encryption for nefarious purposes needs to be looking over their shoulders for the day when their messages are cracked.

Simply stated the net is not a safe medium for messages to be transmitted that need forever to be kept secret because any node can be used as an intercept. Multiple layers of encryption might arguably extend that delay (but if using some common mode might also reduce it).

So in a way this whole discussion is focussing on the wrong element in the chain.

1
0

Commonwealth Bank: Buggy software made us miss money laundering

Ken Moorhouse
Silver badge

Re: because they kept doing $9000 deposits....

Readily spotted with software that knows about Benford's Law

4
0
Ken Moorhouse
Silver badge

Re: I haven't tried to deposit money into an ATM in at least a decade

I had two Bad Experiences of doing that.

(1) The bank got raided soon after I deposited my cheques, and I had to really moan at the bank to get my money credited (weeks later), even though I had proof of deposit. (The bank's excuse was that they are not insured against this kind of eventuality).

(2) Used one of those machines where it prints out copies of everything you submit. Ooh good! Except that the bank branch I submitted the cheques to was different to that on the printed receipt. Took an extra day for my account to be credited.

Since then I prefer to queue. Thank you.

0
0

Hacked Chrome web dev plugin maker: How those phishers tricked me

Ken Moorhouse
Silver badge

Re: What software is that, does it work with Exchange?

It doesn't work with Exchange. I use MDaemon which gives the flexibility to run an external program as part of its message processing routine, it takes the message filename as a command line parameter and you can then do whatever you want to the message so long as it's fast doing so, and doesn't crash. I use Delphi for anything like this.

0
0
Ken Moorhouse
Silver badge

Re: 2017, and email clients still allow hyperlinks ?

I have various customers where I've installed a program where the mail server disables links that are embedded in html. Works well apart from the occasional gripe that the link has to be copied, pasted and edited before it can be accessed.

It really is impossible these days to judge the bona fides of senders. For instance, would you associate zapiermail.com as being genuinely coming from Facebook? And, if you are used to that state of affairs, how would you know if it was spoofed to appear as if it was coming from Facebook?

A big moan I've mentioned in these columns before is BT's use of custhelp.com to offer help to their customers. Last time I looked custhelp.com was registered to Oracle, but if you're not an IT person that doesn't mean a thing.

1
0

If you love your email standards, SMTP your feet: 35 years later

Ken Moorhouse
Silver badge

Re: Penny mail

Charging money for sending emails is not viable for various reasons. However, the concept of charging *processing time* is a good one, because it wastes spammers' time. See "Hash Cash" for the principle involved.

Tarpitting and Greylisting are available techniques for slowing down, or forcing a spammer to repeat their submission respectively, but I've found that many mail servers are configured not to tolerate these techniques. Cloud email used by legitimate senders in particular thwarts greylisting because each time an email is resent from a cloud service it likely comes from a different IP address to the previous message which means that the recipient mail server thinks it is from a different source.

3
1
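The greylisting weakness described in the comment above, as an added example that is not part of the original post: a minimal greylist keyed on (client, sender, recipient), replayed once with the exact client IP as the key and once with the client's /24 network. The class, the delay value and the addresses (documentation ranges) are constructed for illustration, and the sketch handles IPv4 only.

```python
import ipaddress


class Greylist:
    """Minimal greylist: defer the first delivery attempt for an unseen
    (client, sender, recipient) triplet, accept a retry after min_delay."""

    def __init__(self, min_delay=300, prefix_len=32):
        self.min_delay = min_delay    # seconds a new triplet must wait
        self.prefix_len = prefix_len  # 32 = exact IPv4 address, 24 = /24 network
        self.first_seen = {}          # triplet -> time of first attempt

    def _client_key(self, ip):
        # Collapse the client address to its network, so retries from
        # neighbouring hosts of one sending pool map to the same key.
        net = ipaddress.ip_network(f"{ip}/{self.prefix_len}", strict=False)
        return str(net)

    def check(self, ip, sender, rcpt, now):
        key = (self._client_key(ip), sender.lower(), rcpt.lower())
        first = self.first_seen.setdefault(key, now)
        if now - first >= self.min_delay:
            return "250 accept"
        return "451 try again later"


# Constructed sample: one message retried by a cloud service, each attempt
# leaving from a different host in the same pool (RFC 5737 test addresses).
ATTEMPTS = [
    ("192.0.2.10", 0),
    ("192.0.2.57", 600),
    ("192.0.2.91", 1200),
]


def replay(greylist, attempts=ATTEMPTS):
    """Feed the retry sequence to a greylist and return each SMTP verdict."""
    return [
        greylist.check(ip, "news@sender.example", "ken@rcpt.example", t)
        for ip, t in attempts
    ]


if __name__ == "__main__":
    print("exact IP :", replay(Greylist(prefix_len=32)))
    print("/24 key  :", replay(Greylist(prefix_len=24)))
```

With the exact-IP key every retry looks like a new source and the message is deferred indefinitely; keying on the network lets the second attempt through, but only when the sending pool shares that prefix.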
Ken Moorhouse
Silver badge

Re: user-whitelisting

2) Feed anything that hits that address straight into SpamAssassin or whatever it is that you use to score your emails with.

2
0

Microsoft breaks Office 365 sign-in pages ahead of surprise update

Ken Moorhouse
Silver badge

Re: But it's 2017.

"Why in the world would someone NOT be using 2FA if they were using it for important work???"

I suspect a significant number of people disable 2FA if they are working on a pc they trust.

Where is that "trust" stored? I suspect due to the variety of elements involved it will be some kind of Cookie on the user's pc. If so, does that sound secure?

3
0
Ken Moorhouse
Silver badge

Re: Allows for arbitrary intermediate steps to be injected more cleanly into the process.

Surely that gives hackers insight as to whether they have hit a valid username?

Question: Does the entire login process "bind" into one "session"? If it doesn't, then is there not the possibility that the Username and Password could be submitted using different IP addresses, which must be rejected for security reasons? If so, this would be frustrating when trying to login using a mobile device, when on the move.

2
0
Ken Moorhouse
Silver badge

Re: Wait, so it's: type username ... wait for page to reload ... type password?

Yes, it's very helpful for hackers, as they can type username, find that that doesn't exist, then try another username.

That's where they are getting this statistic from:-

"We've done a lot of testing of this design and our telemetry shows that people are able to sign in with a notably higher success rate using this approach,"

7
0

Go fork yourself: Bitcoin has split in two – and yes, it's all forked up

Ken Moorhouse
Silver badge

Re: In related NEWS....

Steer clear of the daf's too:-

http://www.bbc.co.uk/news/uk-31176748

0
0
Ken Moorhouse
Silver badge

Re: I believe in conkers as currency

Money on/for old rope

0
0

Brace yourselves, Virgin Media prices are going up AGAIN, people

Ken Moorhouse
Silver badge

I'm sure there is some correlation...

...with the quantity of marketing bumf with special offers that comes through the door.

I regularly get stuff through the post from Virgin, BT and TalkTalk. How many people here have received such material from the likes of AAISP or Zen?

There's nothing to beat personal recommendation, but be careful, the top performing companies can reach a limit to their growth or decide to sell out to some company that doesn't have the same kind of respect for their customers. (I speak from bitter experience).

1
0

Everything you never knew about mail: The Postal Museum opens

Ken Moorhouse
Silver badge

I went on a visit there many many years ago

Well worthy of a visit.

Two areas stuck out in my mind as places you don't want to dwell too long in:-

(1) The difficulty of breathing whilst in the Battery Room.

(2) The Contactor Room. Trains were not "driven": full power was either applied to a vehicle, or not, in order for it to move or stop. The explosive arcing coming from contactors that controlled the trains, within feet of where we were standing, was both deafening and blinding.

I'm sure that these two facets will be made less "in yer face" to comply with H&S.

3
0

Boffins throw Amazon Alexa on the rack to extract hidden clues

Ken Moorhouse
Silver badge

Re: Wireshark and Steganography

I do agree wholeheartedly that Wireshark really is the definitive way to know what is being sent down the line.

Two points though:-

The current vogue for encryption of data, even in circumstances where you really do need to know what is being sent out with your name on it, makes it difficult to work out what data is actually being sent. Is it just the "wake-up" call, or is it that plus one juicy tid-bit per message, such as a user-name/password combination stored in a "to send under the radar" buffer using Steganography techniques, which can easily be disguised as handshaking?

The other way is that a designer of the system, wanting to get data out of it surreptitiously, could do so as an "encrypted digest" at midnight - to which the official response would be "oh yes it needs to sync with time servers at midnight." Which means your Wireshark session needs to be active for days at a time to rule out such a possibility.

2
0

Meg Whitman OUT at HP ...Inc

Ken Moorhouse
Silver badge

Uber moving into rides in articulated lorries

Does this mean that Uber will be ditching cars and fulfilling services using HGV's?

You may recall that HP were masters of overpackaging. Who can forget*:-

https://www.theregister.co.uk/2008/12/22/hp_box/

*(complete with Playmobil and prescient mention of überbox)

1
0

Virgin Media's profanity warning triggered by chief exec's name

Ken Moorhouse
Silver badge

Many years ago it was rejected as obscene when I wanted to use it as a forum handle.

Or maybe it was less than the minimum acceptable length.

12
0

iRobot just banked a fat profit. And it knows how to make more: Sharing maps of your homes

Ken Moorhouse
Silver badge

Re: (being deeper than others in the house) was visibly cleaner after the roomba

It is possible that the roomba had great fun designing Crop Circle designs in your bedroom carpet and you would never know it unless you were to get up on a step-ladder and look down.

3
0
Ken Moorhouse
Silver badge

Re: if you don't register or connect to the WiFi/Bluetooth

You know how this device goes off exploring the floor-space in your living accommodation? It might just do the same with your WiFi. What SSID's are in the vicinity? Let's try logging in using a dictionary of common passwords. BTW if you drop your credit card on the floor and the device detects either the characters on the card, or can read the magnetic strip then the fall-back is to login to OpenZone or similar.

A bit far-fetched maybe today, but in a few years' time people will be tying down their IoT's to prevent them going walkabout when their owners are out at work.

0
0

UK regulator set to ban ads depicting bumbling manchildren

Ken Moorhouse
Silver badge

What does this mean for the Andrex Puppy?

Do they have to use a Tasmanian Devil instead?

2
0

'Help! I'm stuck in this ATM,' writes poor bloke on a scribbled note

Ken Moorhouse
Silver badge

Help Me

Is it my imagination or does Google make it difficult to find things that were previously easy to find?

Who remembers - I think it was Olympus - demonstrating how good their cameras were? Someone had taken a monochrome portrait photo in a street in America. Look closely to the top right of the photo and there was a piece of paper stuck to a window. Zooming in on this, it was easy to see a message had been scrawled "Help Me", or similar. The photographer called the police and they found a kidnapped man in the room where the message was shown. Sadly they were too late to save the man.

Certain I didn't imagine the existence of this image, can anyone provide a link? (Guaranteed upvote, or virtual pint as thanks!)

1
0
Ken Moorhouse
Silver badge

If Candid Camera*/Beadle's About were fresh in people's minds...

...the guy would still be in there ("not gonna get caught by Beadle - no way").

*showing my age

1
0

Just in time for summer boozing: Boffins smash world record for the most perfect ice cubes

Ken Moorhouse
Silver badge

Cubic Ice

Be careful if you ask a question about this in the supermarket.

You may be pointed in the direction of the pharmacy section.

1
0

Biting the hand that feeds IT © 1998–2017